06-04-2009 01:41 PM - edited 03-10-2019 04:39 AM
I have a Cisco 5520 with the ASA-SSM-10 IPS Module. I am running version 6.1(2)E3. I need a way to whitelist an IP Address from a Security Scanning vendor. The vendor is Control Scan and everytime they try to certify our site it fails because the IPS is killing their connection. Any help woul be greatly appreciated.
Thank you.
06-04-2009 01:46 PM
Create a filter for the IP of the Security Scanning Vendor and in the filter select all of the actions for removal.
06-04-2009 02:25 PM
Awesome. Thank you for the help.
David
06-20-2014 01:32 PM
I know this question was asked some time ago, but I don't understand the advice that was given. I'm quoting from the a CLI guide here: "Filters work by removing actions from an event. A filter that removes all actions from an event effectively consumes the event."
The question is how to allow a scan from a particular host or hosts and the answer given is to create a filter which will cause the IPS to consume the event?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide